Amendments to the Claims 
Please amend claims 1, 3-5, 8, 10-11, 13-16, 19, 21, 23-25, 28, 30-31, 33-36, 39, 41, 43-45,
48, 50-51, and 53-56 as follows:

1. (Currently Amended) A method for virtualizing super-user privileges in a
computer operating system including multiple virtual processes, the method comprising:

designating a plurality of virtual super-users virtual super-user, each the virtual super-user
being associated with a separate virtual process, wherein the virtual process is a
plurality of actual processes:
intercepting a system call for which actual super-user privileges are required; and 
in response to the intercepted system call being made by a the virtual super-user and
pertaining to the virtual process of the virtual super-user: 
granting actual super-user privileges to the virtual super-user; and 
allowing execution of the system call. 

2. (Original) The method of claim 1, further comprising: 

withdrawing the actual super-user privileges from the virtual super-user after execution of 
the system call. 

3. (Currently Amended) The method of claim 1, wherein designating comprises: 
assigning a virtual super-user identifier to each the virtual super-user. 

4. (Currently Amended) The method of claim 3, wherein each the virtual super-user
identifier comprises a super-user identifier and an indication of a the virtual process.

5. (Currently Amended) The method of claim 1, wherein designating comprises:
assigning a user identifier to a the virtual super-user; and

storing the user identifier and an indication of the virtual process of the virtual super-user 
in a virtual super-user list. 

6. (Original) The method of claim 1, wherein granting comprises: 
assigning a super-user identifier to the virtual super-user. 

7. (Original) The method of claim 1, wherein the intercepted system call comprises a 
system call for accessing a file. 

8. (Currently Amended) The method of claim 7, wherein the intercepted system call 
pertains to the virtual process of the virtual super-user when the file to be accessed is associated 
with the same virtual process. 

9. (Original) The method of claim 1, wherein the intercepted system call comprises a 
system call for terminating a process. 

10. (Currently Amended) The method of claim 9, wherein the intercepted system call 
pertains to the virtual process of the virtual super-user when the process to be terminated is 
associated with the same virtual process.

11. (Currently Amended) The method of claim 1, wherein the intercepted system call
comprises a system call for terminating all processes associated with a the virtual process, the
method further comprising: 

identifying each process associated with the virtual process; and 
terminating each identified process. 

12. (Previously Presented) The method of claim 11, wherein a data structure stores 
associations between processes and virtual processes, and wherein identifying comprises: 

identifying each process by its association with the virtual process in the data structure.

13. (Currently Amended) The method of claim 1, wherein the system call is made by 
a the virtual super-user when a user making the call has a virtual super-user identifier.

14. (Currently Amended) The method of claim 1, wherein the system call is made by 
a the virtual super-user when a user making the call has a user identifier in a virtual super-user
list. 

15. (Currently Amended) The method of claim 1, further comprising: 
responsive to the intercepted system call not being made by a the virtual super-user, 

disallowing execution of the system call. 

16. (Currently Amended) The method of claim 1, further comprising:
responsive to the intercepted system call being made by a the virtual super-user and not

pertaining to the virtual process of the virtual super-user, disallowing execution of
the system call.

17. (Original) The method of claim 1, further comprising: 

responsive to the intercepted system call comprising a system call for inserting a module 
into an operating system kernel, disallowing execution of the system call.

18. (Original) The method of claim 1, wherein allowing comprises:
executing the system call. 

19. (Currently Amended) The method of claim 1, wherein intercepting a the system
call comprises:
loading a system call wrapper; 
saving a pointer to the system call; and 

replacing the pointer to the system call with a pointer to the system call wrapper, such 
that the system call wrapper is executed when the system call is invoked. 

20. (Original) The method of claim 19, wherein the pointer to the first system call 
comprises a system call vector.

21. (Currently Amended) A computer program product for virtualizing super-user
privileges in a computer operating system including multiple virtual processes, the computer
program product comprising:

program code for designating a plurality of virtual super-users virtual super-user, each the
virtual super-user being associated with a separate virtual process, wherein the
virtual process is a plurality of actual processes:
program code for intercepting a system call for which actual super-user privileges are 
required; 

program code for determining that the intercepted system call was made by a the virtual
super-user and pertains to the virtual process of the virtual super-user; granting 
actual super-user privileges to the virtual super-user; and 
allowing execution of the system call. 



22. (Original) The computer program product of claim 21, further comprising: 
program code for withdrawing the actual super-user privileges from the virtual super-user

after execution of the system call. 

23. (Currently Amended) The computer program product of claim 21, wherein
program code for designating comprises:

program code for assigning a virtual super-user identifier to each the virtual super-user.

24. (Currently Amended) The computer program product of claim 23, wherein each
the virtual super-user identifier comprises a super-user identifier and an indication of a the virtual 
process. 

25. (Currently Amended) The computer program product of claim 21, wherein 
program code for designating comprises: 

program code for assigning a user identifier to a the virtual super-user; and 
program code for storing the user identifier and an indication of the virtual process of the 
virtual super-user in a virtual super-user list. 

26. (Original) The computer program product of claim 21, wherein program code for 
granting comprises: 

program code for assigning a super-user identifier to the virtual super-user. 

27. (Original) The computer program product of claim 21, wherein the intercepted 
system call comprises a system call for accessing a file. 

28. (Currently Amended) The computer program product of claim 27, wherein the 
intercepted system call pertains to the virtual process of the virtual super-user when the file to be 
accessed is associated with the same virtual process.

29. (Original) The computer program product of claim 21, wherein the intercepted 
system call comprises a system call for terminating a process.

30. (Currently Amended) The computer program product of claim 29, wherein the
intercepted system call pertains to the virtual process of the virtual super-user when the process
to be terminated is associated with the same virtual process.

31. (Currently Amended) The computer program product of claim 21, wherein the
intercepted system call comprises a system call for terminating all processes associated with a the 
virtual process, the computer program product further comprising: 

program code for identifying each process associated with the virtual process; and 
program code for terminating each identified process. 

32. (Original) The computer program product of claim 31, wherein an association data 
structure stores associations between processes and virtual processes, and wherein program code 
for identifying comprises: 

program code for identifying each process by its association with the virtual process in 
the association data structure. 

33. (Currently Amended) The computer program product of claim 21, wherein the 
system call is made by a the virtual super-user when a user making the call has a virtual
super-user identifier.

34. (Currently Amended) The computer program product of claim 21, wherein the
system call is made by a the virtual super-user when a user making the call has a user identifier in 
a virtual super-user list. 



35. (Currently Amended) The computer program product of claim 21, further
comprising: 

program code for disallowing execution of the system call in response to the intercepted 
system call not being made by a the virtual super-user. 

36. (Currently Amended) The computer program product of claim 21, further
comprising:

program code for disallowing execution of the system call in response to the intercepted 
system call being made by a the virtual super-user and not pertaining to the virtual
process of the virtual super-user. 

37. (Original) The computer program product of claim 21, further comprising: 
program code for disallowing execution of the system call in response to the intercepted 

system call comprising a system call for inserting a module into an operating 
system kernel. 

38. (Original) The computer program product of claim 21, wherein program code for 
allowing comprises: 

program code for executing the system call.

39. (Currently Amended) The computer program product of claim 21, wherein
program code for intercepting a the system call comprises:

program code for loading a system call wrapper; 
program code for saving a pointer to the system call; and 

program code for replacing the pointer to the system call with a pointer to the system call 
wrapper, such that the system call wrapper is executed when the system call is 
invoked. 

40. (Previously Presented) The computer program product of claim 39, wherein the 
pointer to the first system call comprises a system call vector. 

41. (Currently Amended) A system for virtualizing super-user privileges in a
computer operating system including multiple virtual processes, the system comprising: 

a virtual super-user designation module for designating a plurality of virtual super-users
virtual super-user, each the virtual super-user being associated with a separate
virtual process, wherein the virtual process is a plurality of actual processes; and

a system call wrapper for intercepting a system call for which actual super-user privileges 
are required and, in response to the intercepted system call being made by a the 
virtual super-user and pertaining to the virtual process of the virtual super-user, 
granting actual super-user privileges to the virtual super-user and allowing 
execution of the system call.

42. (Original) The system of claim 41, wherein the system call wrapper is further
configured to withdraw the actual super-user privileges from the virtual super-user after 
execution of the system call. 

43. (Currently Amended) The system of claim 41, wherein the virtual super-user
designation module is further configured to assign a virtual super-user identifier to each the
virtual super-user. 

44. (Currently Amended) The system of claim 43, wherein each the virtual super-user
identifier comprises a super-user identifier and an indication of a the virtual process.

45. (Currently Amended) The system of claim 41, wherein the virtual super-user 
designation module is further configured to assign a user identifier to a the virtual super-user and 
store the user identifier and an indication of the virtual process of the virtual super-user in a 
virtual super-user list. 

46. (Original) The system of claim 41, wherein the system call wrapper is further 
configured to assign a super-user identifier to the virtual super-user. 

47. (Original) The system of claim 41, wherein the intercepted system call comprises a 
system call for accessing a file.

48. (Currently Amended) The system of claim 47, wherein the intercepted system call
pertains to the virtual process of the virtual super-user when the file to be accessed is associated
with the same virtual process.

49. (Original) The system of claim 41, wherein the intercepted system call comprises a 
system call for terminating a process.

50. (Currently Amended) The system of claim 49, wherein the intercepted system call 
pertains to the virtual process of the virtual super-user when the process to be terminated is 
associated with the same virtual process.

51. (Currently Amended) The system of claim 41, wherein the intercepted system call 
comprises a system call for terminating all processes associated with a the virtual process, and
wherein the system call wrapper is further configured to identify each process associated with the 
virtual process and terminate each identified process. 

52. (Original) The system of claim 51, further comprising: 

an association data structure for storing associations between processes and virtual 

processes, wherein the system call wrapper is further configured to identify each 
process by its association with the virtual process in the association data structure. 

53. (Currently Amended) The system of claim 41, wherein the system call is made by
a the virtual super-user when a user making the call has a virtual super-user identifier.

54. (Currently Amended) The system of claim 41, wherein the system call is made by
a the virtual super-user when a user making the call has user identifier in a virtual super-user list. 

55. (Currently Amended) The system of claim 41, wherein the system call wrapper is 
further configured to disallow execution of the intercepted system call in response to the 
intercepted system call not being made by a the virtual super-user.

56. (Currently Amended) The system of claim 41, wherein the system call wrapper is 
further configured to disallow execution of the intercepted system call in response to the 
intercepted system call being made by a the virtual super-user and not pertaining to the virtual 
process of the virtual super-user. 

57. (Original) The system of claim 41, wherein the system call wrapper is further 
configured to disallow execution of the intercepted system call in response to the intercepted 
system call comprising a system call for inserting a module into an operating system kernel. 

58. (Original) The system of claim 41, wherein the system call wrapper is further 
configured to execute the system call.